hjlbx
Thread author
Hello,
This is a mini-review of Kaspersky Internet Security 2015.
Pros:
- Top-tier protection based on testing against samples from MT's Malware Hub.
- Comprehensive, all-inclusive features including built-in Task Manager and network monitor.
- Impact on my W8.1 system reasonably good during normal use with default settings (not while scan running; but not as low as BD). Long system re-start on my specific system, but low resource usage during normal work-load at desktop.
- Highly automated at default settings generally requiring little user interaction (but not as minimalistic as BitDefender). Default settings are very well optimized. +100 for the smart Russians.
- User is able to figure out what actions KIS has taken to protect system; reasonably clear logging.
- When set to interactive mode notifications are unobtrusive yet demand attention, clear and require concrete decisions (Allow, Block, Delete, Skip, etc) by user.
- Metro App monitoring.
- Highly configurable applications rules (tedious).
Cons:
- Protections reduced on 64-bit systems; Kaspersky products only available in 32-bit versions at this time. For 64-bit system best protection must use Trusted Application Mode.
- System cleaner/optimization is completely unnecessary.
- Some features are not/may not be needed.
- GUI is not optimal; navigation is a "busy" user experience.
- Novice will have no clue regarding powerful policy-based Application Monitoring nor in interactive mode at maximum settings (default settings are optimized by Kaspersky to provide a very high level of security so there typically is not a need to change).
- Alerts only appear on my system for a second or two (I think this is by design to prevent alert freeze issues when multiple alerts appear/but everything is recorded in log detail so not big issue).
- Some very minor GUI\log quirks that may cause confusion.
- There is no means for user to manually add file to Quarantine.
- Stability can be an issue - it shows up in GUI hangs/freezes/craggy at max settings on low-end system.
- Built-in Network Monitor only displays connections with no WHOIS/IP verification capabilities.
- Low-end processor cannot handle intensive tasks - such as scanning 500 file malware packs at maximum settings; will cause AppHang.
- Denying Windows Explorer network access on Public Network breaks internet (this is an advanced user setting).
- Global or app-specific firewall rules can be created, but it is tedious if you want to tightly lock down network security.
- Rules can be created from within firewall alerts, but it is a convoluted multi-step rigmarole that needs improvement. -1 for the Russians.
** SPECIAL NOTE: Trusted Application Mode **
Trusted Application Mode deserves a special emphasis as I see some potentially critical issues. The TAM scan, GUI and config options need to be improved. Period. Done incorrectly it can wreck the system (e.g. blocking unrecognized system drivers... by the way, same exact dilemma with Comodo Internet Security that uses a rating scan):
- The TAM scan should only be performed on a clean system and close attention paid to which apps are allowed and blocked. Inadvertently allow malware\PUP and your goose is cooked.
- TAM scan should be performed on a system preferably right after system start, before certain apps are opened - like a browser - as KIS will detect scripts/potential garbage in the Net Cache and include it in the scan results. Fortunately, they do not get added to the Trusted Files list...it appears KIS filters them out. +1 for the smart Russians.
- There is currently no means to remove entries from the Trusted Mode scan list results; user has to either allow or block. However, KIS will recommend either not enabling TAM or allowing any unknown system files, lest TAM blocks unknown driver or other critical file causing system instability or crashes. Another +1 for the smart Russians. NOTE: On a clean system I would allow all items only after a thorough verification by the user... this is a tedious, but necessary step that will keep the system safe while at the same time prevent serious. You will be very satisfied with the end result.
- TAM scan does not need to be performed on a regular basis as KIS will create auto-rules from Kaspersky Security Network database. This is a huge assist. +1 again for the smart Russians.
Impression:
What I immediately noticed was KIS' automation. For example, it automatically scans modules in active memory, rates them, and then adds them to the Application Monitoring module.
Another useful feature, it has a Trusted Application module that allows the user to manually scan all installed apps, KIS rates them, but leaves it up to the user to "Allow" or "Block" as they deem fit.
The Application Monitoring module is policy-based and is optimally suited to more experienced users. If you understand everything in the policy restrictions list, then you are Neo and have no need of AV.
I think a policy-based sandbox is infinitely more powerful than a virtual sandbox as long as clever bypasses are blocked. I tested KIS (with its file guard turned off) against Malware1's CryptoLocker bypass. KIS blocked it as Unknown/Untrusted. It also blocked the recent JS.Downloader/Bat.Encoder combo posted on MT's Malware Hub (BitDefender, to its credit, allowed the script to run but later detected and cleaned the hidden malicious downloads squirreled away in the Windows temp sub-folder/file). From what I see KIS handily crushes BitDefender and Comodo Internet Security for a number of reasons. There's so much behind this assessment you will just have to trust me.
I think KIS does a better than average job of dealing with malware once it's on a system than most. Watching KIS it is more obvious what is being done compared to BD. (BD just does it without explanation...and that is fine, but you may scratch your head once in a while. This only becomes a real issue if a legitimate file is removed by BD and it breaks something.) Restoring a legitimate file is more intuitive/easy in KIS.
KIS' default settings are a good balance between security and performance. There are some tweaks that the user may wish to make, one of which is to deactivate "Trust Digitally Signed Applications."
There are a few minor GUI, logging and configuration quirks, but nothing that a seasoned AV user won't figure out quickly. Navigation is a bit tedious and accessing certain settings is not always straightforward (is multi-step).
One of the best things about KIS is that I didn't experience any bugs on my specific system. If there are any bugs they probably are limited to GUI/logging/notification info quirks. That kind of stuff can really confuse a novice but advanced user with multi-AV softs experience should be able to sort it out quickly.
I personally don't like the GUI all that much (It's OK, it gets the job done), but I am willing to tolerate it because of KIS' high level of protection.
Bottom line ... this one is better suited to user that wants ability to comprehensively monitor system. The highly configurable policy module is essentially a pseudo-HIPS at default settings.
Interactive mode at maximum settings is full-blown classical HIPS and should most definitely not be used by the novice. In fact, the only time that these settings, combined with the highest logging level, are ever - repeat - ever - necessary is if you are trying to track down something screwy on your system. And they should only then be used for short periods of time and then returned to default settings when you are finished.
If you use interactive mode at maximum settings you will quickly become frustrated and form a bad impression of Kaspersky... which is unfortunate as the problem is not Kaspersky, the real problem is that you don't know what you are doing by using KIS in a way for which it was not intended except under dangerous conditions.
Hint: For best user experience with a very high level of protection ... please, use default settings...and also suggest Trusted Applications Mode. And there's no way around it. You have to "put-in your time" using KIS to get a clue.
It offers a good balance of automation while at the same time a high-degree of configurability.
On my system it uses low resources, is stable and I am not seeing any incompatibility issues. In my experience one of the very best (Emsisoft, ESET, Kaspersky).
I gotta tell ya, I am really liking it... despite the mediocre GUI.
To Kaspersky I only add Shadow Defender for dangerous online activities and/or malware testing and MBAM Free.
That, really, is more than sufficient anti-virus protection.